Step 7. Shares


Remove any unused shares and harden the NTFS permissions on any essential shares. By default all users have full control on newly created file shares. Harden these default permissions to ensure that only authorized users can access files exposed by the share. In addition to explicit share permissions, use NTFS ACLs for files and folders exposed by the share.

During this step, you:

  • Remove unnecessary shares.

  • Restrict access to required shares.

Remove Unnecessary Shares

Remove all unnecessary shares. To review shares and associated permissions, run the Computer Management MMC snap-in, and select Shares from Shared Folders as shown in Figure 16.3.

Figure 16.3: Computer Management MMC snap-in Shares

Restrict Access to Required Shares

Remove the Everyone group and grant specific permissions instead. The Everyone group is intended for cases where you have no restrictions on who should have access to the share.

Additional Considerations

If you do not allow remote administration of your server, remove unused administrative shares, for example C$ and Admin$.

Note  

Some applications may require administrative shares. Examples include Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM). For more information, see Microsoft Knowledge Base article 318751, "How To: Remove Administrative Shares in Windows 2000 or Windows NT 4.0."
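
The review and restriction steps above, scripted as an added PowerShell example (not from the original guide, which uses the Computer Management snap-in). It assumes the SmbShare cmdlets available on Windows Server 2012 and later and an elevated session; the function names, the share name AppData and the group CONTOSO\WebAppUsers are placeholders.

```powershell
# Added example. Assumes the SmbShare module (Windows Server 2012 / Windows 8 or later)
# and an elevated session. 'Everyone' is the English account name; adjust on localized systems.

function Get-ShareAuditFinding {
    foreach ($share in Get-SmbShare) {
        # Share-level ACEs that allow access to Everyone
        $shareAces = @(Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' })

        # NTFS ACEs on the shared folder that allow access to Everyone
        $ntfsAces = @()
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access |
                Where-Object { $_.IdentityReference.Value -eq 'Everyone' -and
                               $_.AccessControlType -eq 'Allow' })
        }

        [pscustomobject]@{
            Name                = $share.Name
            Path                = $share.Path
            AdministrativeShare = [bool]$share.Special   # C$, ADMIN$, IPC$ and similar
            EveryoneShareRight  = ($shareAces.AccessRight -join ',')
            EveryoneNtfsRights  = ($ntfsAces.FileSystemRights -join ',')
        }
    }
}

function Set-ShareRestricted {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,        # share to harden
        [Parameter(Mandatory)][string]$AccountName, # group that should keep access
        [ValidateSet('Read', 'Change', 'Full')][string]$AccessRight = 'Read'
    )
    if ($PSCmdlet.ShouldProcess($Name, "Grant $AccessRight to $AccountName, remove Everyone")) {
        # Grant the specific group first, then remove the Everyone entry
        Grant-SmbShareAccess -Name $Name -AccountName $AccountName -AccessRight $AccessRight -Force | Out-Null
        Revoke-SmbShareAccess -Name $Name -AccountName 'Everyone' -Force | Out-Null
    }
}

# Review: list shares that are administrative or still grant rights to Everyone
Get-ShareAuditFinding |
    Where-Object { $_.AdministrativeShare -or $_.EveryoneShareRight -or $_.EveryoneNtfsRights } |
    Format-Table -AutoSize

# Restrict: preview the change for a placeholder share and group (remove -WhatIf to apply)
Set-ShareRestricted -Name 'AppData' -AccountName 'CONTOSO\WebAppUsers' -AccessRight Change -WhatIf
```

The audit function only reads configuration. It reports share-level and NTFS entries separately because, as the step notes, both sets of permissions apply to files exposed by a share.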




Improving Web Application Security. Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
